if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
else
echo "Can't read /etc/rc.subr; aborting."
exit 1;
fi
if [ -z "$MAILTO" ] || [ "$USER" != "root" ]; then
MAILTO=root
fi
if [ -n "${pkgdb_dir}" ]; then
echo "WARNING: Setting pkgdb_dir in daily.conf(5) is deprecated"
echo "WARNING: Please define PKG_DBDIR in pkg_install.conf(5) instead"
_compat_K_flag="-K ${pkgdb_dir}"
fi
echo ""
echo "Uptime: $(uptime)"
# Uncommenting any of the finds below would open up a race condition attack
# based on symlinks, potentially allowing removal of any file on the system.
#
#echo ""
#echo "Removing scratch and junk files:"
#if [ -d /tmp ] && ! [ -h /tmp ]; then
# cd /tmp && {
# find . -type f -atime +3 -exec rm -f -- {} \;
# find . ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
# >/dev/null 2>&1; }
#fi
trap "/bin/rm -rf $DAILYDIR ; exit 0" EXIT INT QUIT
if ! cd "$DAILYDIR"; then
echo "Can not cd to $DAILYDIR".
exit 1
fi
TMP=daily.$$
TMP2=daily2.$$
if checkyesno find_core; then
# Turn "foo !bar bax" into "-fstype foo -o ! -fstype bar -o -fstype bax"
ignfstypes="$(echo $find_core_ignore_fstypes | \
sed -e's/\(!*\)\([^[:space:]]\{1,\}\)/-o \1 -fstype \2/g' \
-e's/^-o //')"
# Turn "foo bar" into "( -path foo -o -path bar ) -prune -o"
# Set ignpaths empty if no find_core_ignore_paths given
if [ -n "$find_core_ignore_paths" ]; then
ignpaths="$(printf " -o -path %s" $find_core_ignore_paths)"
ignpaths="( ${ignpaths# -o } ) -prune -o"
else
ignpaths=""
fi
find / \( $ignfstypes \) -prune -o \
${ignpaths} \
-name 'lost+found' -prune -o \
\( -name '*.core' -o -name 'core' \) -type f -print > $TMP
# \( -name '[#,]*' -o -name '.#*' -o -name a.out \
# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
# -a -atime +3 -exec rm -f -- {} \; -a -print > $TMP
egrep '\.core$|^core$' $TMP > $TMP2
if [ -s $TMP2 ]; then
echo ""
echo "Possible core dumps:"
cat $TMP2
fi
# egrep -v '\.core' $TMP > $TMP2
# if [ -s $TMP2 ]; then
# echo ""
# echo "Deleted files:"
# cat $TMP2
# fi
rm -f $TMP $TMP2
fi
if checkyesno run_msgs; then
msgs -c
fi
if checkyesno expire_news && [ -f /etc/news.expire ]; then
/etc/news.expire
fi
if checkyesno purge_accounting && [ -f /var/account/acct ]; then
echo ""
echo "Purging accounting records:"
if [ -f /var/account/acct.0.gz ]; then
mv /var/account/acct.2.gz /var/account/acct.3.gz 2>/dev/null
mv /var/account/acct.1.gz /var/account/acct.2.gz 2>/dev/null
mv /var/account/acct.0.gz /var/account/acct.1.gz 2>/dev/null
else
mv /var/account/acct.2 /var/account/acct.3 2>/dev/null
mv /var/account/acct.1 /var/account/acct.2 2>/dev/null
mv /var/account/acct.0 /var/account/acct.1 2>/dev/null
fi
cp /var/account/acct /var/account/acct.0
sa -sq
if [ -f /var/account/acct.1.gz ]; then
gzip /var/account/acct.0
fi
fi
if checkyesno run_calendar; then
calendar -a > $TMP 2>&1
if [ -s $TMP ]; then
echo ""
echo "Running calendar:"
cat $TMP
fi
rm -f $TMP
fi
if checkyesno check_disks; then
if checkyesno show_remote_fs; then
df -hi -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
else
df -hil -t nokernfs,procfs,ptyfs,null,fdesc > $TMP
fi
if [ -s /etc/dumpdates ] ; then
dump -W > $TMP2
fi
if [ -s $TMP ] || [ -s $TMP2 ]; then
echo ""
echo "Checking subsystem status:"
echo ""
echo "disks:"
if [ -s $TMP ]; then
cat $TMP | sed 's/Mounted on/Mount/'
echo ""
fi
if [ -s $TMP2 ]; then
cat $TMP2
echo ""
fi
echo ""
fi
rm -f $TMP $TMP2
touch $TMP2
for dev in $(iostat -x | awk '/^raid/ { print $1 }'); do
raidctl -s $dev | awk '/^.*: failed$/ {print $0}' > $TMP
if [ -s $TMP ]; then
echo "$dev:" >> $TMP2
cat $TMP >> $TMP2
fi
rm -f $TMP
done
if [ -s $TMP2 ]; then
echo "failed RAIDframe component(s):"
cat $TMP2
fi
rm -f $TMP2
fi
if checkyesno check_mailq; then
mailq > $TMP
if ! grep -q "queue is empty$" $TMP; then
echo ""
echo "mail:"
cat $TMP
fi
fi
rm -f $TMP
if checkyesno check_network; then
echo ""
echo "network:"
if checkyesno full_netstat; then
netstat -inv
else
netstat -inv | awk 'BEGIN {
ifs[""] = 0;
}
/^[^\*]* / {
if (NR == 1) {
printf("%-8s %12s %6s %12s %6s %6s\n",
$1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
next;
}
if (!($1 in ifs)) {
printf("%-8s %12s %6s %12s %6s %6s\n",
$1, $(NF-4), $(NF-3), $(NF-2), $(NF-1), $NF);
ifs[$1] = 1;
}
}'
fi
echo ""
t=/var/rwho/*
if [ "$t" != '/var/rwho/*' ]; then
ruptime
fi
fi
if checkyesno run_fsck; then
echo ""
echo "Checking file systems:"
fsck -n -f ${run_fsck_flags} | grep -v '^\*\* Phase'
fi
if checkyesno run_rdist && [ -f /etc/Distfile ]; then
echo ""
echo "Running rdist:"
if [ -d /var/log/rdist ]; then
logf="$(date +%Y.%b.%d)"
rdist -f /etc/Distfile 2>&1 | tee /var/log/rdist/$logf
else
rdist -f /etc/Distfile
fi
fi
if ${pkg_info} ${_compat_K_flag} -q -E '*'; then
if [ -z "$fetch_pkg_vulnerabilities" ]; then
echo "fetch_pkg_vulnerabilities is not set in daily.conf(5)."
echo "You should set it to YES to enable vulnerability checks"
echo "or set it to NO to get rid of this warning."
elif checkyesno fetch_pkg_vulnerabilities; then
echo ""
echo "Fetching package vulnerabilities database:"
( umask 022 && ${pkg_admin} ${_compat_K_flag} \
fetch-pkg-vulnerabilities -u )
fi
fi
if checkyesno run_security; then
SECOUT="$DAILYDIR/sec"
sh /etc/security > "$SECOUT" 2>&1
if [ ! -s "$SECOUT" ]; then
if checkyesno send_empty_security; then
echo "Nothing to report on $date" > "$SECOUT"
else
echo ""
echo "Suppressing empty security report."
fi
fi
if [ -s "$SECOUT" ]; then
if checkyesno separate_security_email; then
mail -s "$host daily insecurity output for $date" $MAILTO < $SECOUT
else
echo ""
echo "$host daily insecurity output for $date:"
cat $SECOUT
fi
fi
fi
if checkyesno run_skeyaudit; then
if [ -s /etc/skeykeys ]; then
echo ""
echo "Checking remaining s/key OTPs:"
skeyaudit
fi
fi
if checkyesno run_makemandb; then
if [ -f /etc/man.conf ] && [ -x /usr/sbin/makemandb ]; then
echo ""
echo "Updating man page index:"
(umask 022; nice -n 5 /usr/sbin/makemandb -Q)
fi
fi
if [ -f /etc/daily.local ]; then
( . /etc/daily.local ) > $TMP 2>&1
if [ -s $TMP ] ; then
printf "\nRunning /etc/daily.local:\n"
cat $TMP
fi
rm -f $TMP
fi
